Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. IT Analytics Help
  3. Section XVI. System Administration
  4. SSL Certificate Configuration
  5. Obtain an SSL certificate

Obtain an SSL certificate

Obtain a third-party certificate from a certificate authority (CA) such as VeriSign, Thawte, or GeoTrust. The methods for obtaining a certificate vary. Therefore, refer to the vendor's web site for specific instructions.

You may, for testing purposes or as a permanent solution, use a self-signed certificate. This is not recommended as it makes the implementation slightly more complex and may limit access to IT Analytics to some of your users.

The following outlines the process for creating a Subject Alternative Name (the certificate covers more than one hostname under a single certificate) self-signed certificate on a Linux operating system. Steps will be similar on Windows. This certificate secures communication for both the portal and data receiver web instances.

cd /tmp 

vi san.cnf

Sample san.cnf file - use this faile as a template and modify this for your environment. The san.cnf file will be an input parameter during certificate generation. Note the use of an example domain name of example.com; change this to own your environment's domain name.

Under the v3 section, in addition to the portal name, also provision the data receiver under this same certificate.

[ req ] 
default_bits = 4096 
prompt = no	 
default_md = sha256 
distinguished_name = req_distinguished_name 
x509_extensions = v3_req 

[ req_distinguished_name ] 
C = US 
ST = New York 
L = New York City 
O = Veritas 
OU = ITA 
emailAddress = aReal.emailaddress@yourdomain.com 
CN = itanalyticsportal.example.com   

[ v3_req ] 
subjectAltName = @alternate_names   

[alternate_names] 
DNS.1 = itanalyticsportal.example.com 
DNS.2 = itanalyticsagent.example.com 

  
Generate Certificate using the san.cnf file created above

The following command results in the private key name of server.key, and certificate name of server.crt. These names will be used through the remainder of this chapter. You are free to use different names for the certificate and private key files if desired. With this command, we are also creating a self-signed certificate for 3650 days, or 10 years.

openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout server.key -out server.crt -config /tmp/san.cnf 

Generating a RSA private key 
......................................++++ 
......................................++++ 
writing new private key to 'server.key' 
----- 
 tmp]# ll 
total 276 
-rwxrwxrwx 1 root   root      513 Dec 11 01:03 san.cnf 
-rw-r--r-- 1 root   root     2187 Dec 11 01:25 server.crt 
-rw------ 1 root   root     3272 Dec 11 01:25 server.key 

See Create a self-signed SSL certificate.

Feedback

Was this page helpful?
Previous

SSL implementation overview

Next

Update the web server configuration to enable SSL

Feedback

Was this page helpful?